Diffstat (limited to 'plugins/jetpack')
-rw-r--r--plugins/jetpack/jetpack.php4
-rw-r--r--plugins/jetpack/modules/shortcodes.php60
-rw-r--r--plugins/jetpack/modules/shortcodes/polldaddy.php7
-rw-r--r--plugins/jetpack/modules/shortcodes/vimeo.php5
-rw-r--r--plugins/jetpack/modules/shortcodes/youtube.php2
-rw-r--r--plugins/jetpack/readme.txt11
6 files changed, 77 insertions, 12 deletions
diff --git a/plugins/jetpack/jetpack.php b/plugins/jetpack/jetpack.php
index 4118993a..c5ee4816 100644
--- a/plugins/jetpack/jetpack.php
+++ b/plugins/jetpack/jetpack.php
@@ -5,7 +5,7 @@
* Plugin URI: http://jetpack.com
* Description: Bring the power of the WordPress.com cloud to your self-hosted WordPress. Jetpack enables you to connect your blog to a WordPress.com account to use the powerful features normally only available to WordPress.com users.
* Author: Automattic
- * Version: 4.0.2
+ * Version: 4.0.3
* Author URI: http://jetpack.com
* License: GPL2+
* Text Domain: jetpack
@@ -14,7 +14,7 @@
define( 'JETPACK__MINIMUM_WP_VERSION', '4.4' );
-define( 'JETPACK__VERSION', '4.0.2' );
+define( 'JETPACK__VERSION', '4.0.3' );
define( 'JETPACK_MASTER_USER', true );
define( 'JETPACK__API_VERSION', 1 );
define( 'JETPACK__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
diff --git a/plugins/jetpack/modules/shortcodes.php b/plugins/jetpack/modules/shortcodes.php
index 0de4c14d..320de047 100644
--- a/plugins/jetpack/modules/shortcodes.php
+++ b/plugins/jetpack/modules/shortcodes.php
@@ -67,6 +67,66 @@ function jetpack_load_shortcodes() {
}
}
+/**
+ * Runs preg_replace so that replacements don't happen within open tags.
+ * Parameters are the same as preg_replace, with an added optional search param for improved performance
+ *
+ * @param String $pattern
+ * @param String $replacement
+ * @param String $content
+ * @param String $search
+ * @return String $content
+ */
+function jetpack_preg_replace_outside_tags( $pattern, $replacement, $content, $search = null ) {
+ if( ! function_exists( 'wp_html_split' ) ) {
+ return $content;
+ }
+
+ if ( $search && false === strpos( $content, $search ) ) {
+ return $content;
+ }
+
+ $textarr = wp_html_split( $content );
+ unset( $content );
+ foreach( $textarr as &$element ) {
+ if ( '' === $element || '<' === $element{0} )
+ continue;
+ $element = preg_replace( $pattern, $replacement, $element );
+ }
+
+ return join( $textarr );
+}
+
+/**
+ * Runs preg_replace_callback so that replacements don't happen within open tags.
+ * Parameters are the same as preg_replace, with an added optional search param for improved performance
+ *
+ * @param String $pattern
+ * @param String $replacement
+ * @param String $content
+ * @param String $search
+ * @return String $content
+ */
+function jetpack_preg_replace_callback_outside_tags( $pattern, $callback, $content, $search = null ) {
+ if( ! function_exists( 'wp_html_split' ) ) {
+ return $content;
+ }
+
+ if ( $search && false === strpos( $content, $search ) ) {
+ return $content;
+ }
+
+ $textarr = wp_html_split( $content );
+ unset( $content );
+ foreach( $textarr as &$element ) {
+ if ( '' === $element || '<' === $element{0} )
+ continue;
+ $element = preg_replace_callback( $pattern, $callback, $element );
+ }
+
+ return join( $textarr );
+}
+
global $wp_version;
if ( version_compare( $wp_version, '3.6-z', '>=' ) ) {
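Review bot: A PCRE failure inside either loop silently deletes text, because `preg_replace()` and `preg_replace_callback()` return `null` on error and that `null` is assigned to `$element` before `join( $textarr )`. Keep the original segment in that case, e.g. `$replaced = preg_replace( $pattern, $replacement, $element );` followed by `if ( null !== $replaced ) { $element = $replaced; }`, and do the same in `jetpack_preg_replace_callback_outside_tags`. The second docblock also still says "same as preg_replace" and lists `@param String $replacement` where the parameter is `$callback`. Both docblocks should state that only segments beginning with `<` are skipped, so text between tags is still rewritten, and that content is returned unmodified when `wp_html_split` is unavailable.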
diff --git a/plugins/jetpack/modules/shortcodes/polldaddy.php b/plugins/jetpack/modules/shortcodes/polldaddy.php
index 70ec89b7..39890d48 100644
--- a/plugins/jetpack/modules/shortcodes/polldaddy.php
+++ b/plugins/jetpack/modules/shortcodes/polldaddy.php
@@ -565,17 +565,12 @@ new PolldaddyShortcode();
if ( ! function_exists( 'polldaddy_link' ) ) {
// http://polldaddy.com/poll/1562975/?view=results&msg=voted
function polldaddy_link( $content ) {
- return preg_replace( '!(?:\n|\A)http://polldaddy.com/poll/([0-9]+?)/(.+)?(?:\n|\Z)!i', "\n<script type='text/javascript' language='javascript' charset='utf-8' src='//static.polldaddy.com/p/$1.js'></script><noscript> <a href='http://polldaddy.com/poll/$1/' target='_blank'>View Poll</a></noscript>\n", $content );
+ return jetpack_preg_replace_outside_tags( '!(?:\n|\A)http://polldaddy.com/poll/([0-9]+?)/(.+)?(?:\n|\Z)!i', "\n<script type='text/javascript' charset='utf-8' src='//static.polldaddy.com/p/$1.js'></script><noscript> <a href='http://polldaddy.com/poll/$1/'>View Poll</a></noscript>\n", $content, 'polldaddy.com/poll' );
}
// higher priority because we need it before auto-link and autop get to it
add_filter( 'the_content', 'polldaddy_link', 1 );
add_filter( 'the_content_rss', 'polldaddy_link', 1 );
-
- /** This filter is documented in modules/shortcodes/youtube.php */
- if ( apply_filters( 'jetpack_comments_allow_oembed', get_option( 'embed_autourls' ) ) ) {
- add_filter( 'comment_text', 'polldaddy_link', 1 );
- }
}
wp_oembed_add_provider( '#http://poll\.fm/.*#i', 'http://polldaddy.com/oembed/', true );
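Review bot: Nothing in the new code records why `polldaddy_link` is no longer registered on `comment_text`, so a later change could re-add the hook without knowing it was dropped in a security release. A short comment above the two remaining `add_filter` calls would cover it, e.g. `// Intentionally not hooked on comment_text (removed in 4.0.3); comment bodies are visitor-supplied.` The reason is inferred from the release notes rather than stated in the diff, so word it to match the actual rationale. The removed block points at the same filter in youtube.php, and that file's hunk only swaps the regex call, so confirm whether a `comment_text` registration remains there and is intended.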
diff --git a/plugins/jetpack/modules/shortcodes/vimeo.php b/plugins/jetpack/modules/shortcodes/vimeo.php
index f63367d8..3d585a0a 100644
--- a/plugins/jetpack/modules/shortcodes/vimeo.php
+++ b/plugins/jetpack/modules/shortcodes/vimeo.php
@@ -268,10 +268,11 @@ function vimeo_link( $content ) {
*/
$plain_url = "(?:[^'\">]?\/?(?:https?:\/\/)?vimeo\.com[^0-9]+)([0-9]+)(?:[^'\"0-9<]|$)";
- return preg_replace_callback(
+ return jetpack_preg_replace_callback_outside_tags(
sprintf( '#%s|%s#i', $shortcode, $plain_url ),
'vimeo_link_callback',
- $content
+ $content,
+ 'vimeo'
);
}
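Review bot: The `'vimeo'` prefilter added here is checked with case-sensitive `strpos()` in the helper, while the pattern is compiled with the `i` flag, so mixed-case input that the regex accepts is returned untouched. The same mismatch applies to the `'polldaddy.com/poll'` and `'youtube.com/'` arguments at the other two call sites. Using `stripos( $content, $search )` in both helpers would keep the shortcut consistent with the patterns. `vimeo_link()` starts above this hunk, so `$shortcode` is not visible here.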
diff --git a/plugins/jetpack/modules/shortcodes/youtube.php b/plugins/jetpack/modules/shortcodes/youtube.php
index 2ea76dd6..d5db874d 100644
--- a/plugins/jetpack/modules/shortcodes/youtube.php
+++ b/plugins/jetpack/modules/shortcodes/youtube.php
@@ -104,7 +104,7 @@ add_filter( 'pre_kses', 'youtube_embed_to_short_code' );
* @return string The content with embeds instead of URLs
*/
function youtube_link( $content ) {
- return preg_replace_callback( '!(?:\n|\A)https?://(?:www\.)?(?:youtube.com/(?:v/|playlist|watch[/\#?])|youtu\.be/)[^\s]+?(?:\n|\Z)!i', 'youtube_link_callback', $content );
+ return jetpack_preg_replace_callback_outside_tags( '!(?:\n|\A)https?://(?:www\.)?(?:youtube.com/(?:v/|playlist|watch[/\#?])|youtu\.be/)[^\s]+?(?:\n|\Z)!i', 'youtube_link_callback', $content, 'youtube.com/' );
}
/**
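Review bot: The `'youtube.com/'` prefilter is narrower than the pattern it guards. The regex also accepts `youtu\.be/` URLs, but content containing only short links lacks the substring `youtube.com/`, so the helper returns early and those links are no longer converted. Pass a needle common to both hosts as the fourth argument, e.g. `'youtu'`. A test with a bare `youtu.be` link on its own line would pin the behaviour.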
diff --git a/plugins/jetpack/readme.txt b/plugins/jetpack/readme.txt
index 9bfe0a9b..c03940ac 100644
--- a/plugins/jetpack/readme.txt
+++ b/plugins/jetpack/readme.txt
@@ -1,7 +1,7 @@
=== Jetpack by WordPress.com ===
Contributors: automattic, adamkheckler, aduth, akirk, allendav, alternatekev, andy, apeatling, azaozz, batmoo, barry, beaulebens, blobaugh, cainm, cfinke, chaselivingston, chellycat, christinepollock, csonnek, danielbachhuber, daniloercoli, designsimply, dllh, dsmart, dzver, ebinnion, eliorivero, enej, eoigal, ethitter, gcorne, georgestephanis, gibrown, goldsounds, hew, hugobaeta, HypertextRanch, iammattthomas, iandunn, jacobshere, jblz, jeherve, jenhooks, jenia, jkudish, jmdodd, Joen, johnjamesjacoby, jshreve, koke, kraftbj, lancewillett, lschuyler, macmanx, martinremy, matt, matveb, mattwiebe, maverick3x6, mcsf, mdawaffe, michaeldcain, michael-arestad, migueluy, mikeyarce, mjangda, mkaz, nancythanki, nickmomrik, obenland, pento, professor44, ryancowles, richardmuscat, richardmtl, roccotripaldi, samhotchkiss, sdquirk, stephdau, tmoorewp, Viper007Bond, westi, yoavf, zinigor
Tags: WordPress.com, jet pack, comments, contact, gallery, performance, sharing, security, shortcodes, stats, subscriptions, widgets
-Stable tag: 4.0.2
+Stable tag: 4.0.3
Requires at least: 4.4
Tested up to: 4.5
@@ -73,7 +73,16 @@ There are opportunities for developers at all levels to contribute. [Learn more
4. Publicize.
5. Related Posts.
+== Upgrade Notice ==
+= 4.0.3 =
+Jetpack 4.0.3 fixes a critical security issue. Please upgrade immediately.
+
== Changelog ==
+= 4.0.3 =
+Release date: May 26th, 2016
+
+* Important security update. Please upgrade immediately.
+
= 4.0.2 =
Release date: April 21st, 2016